Method and apparatus for checking the integrity of data stored in a predetermined memory area of a memory

ABSTRACT

A method checks the integrity of data stored in a predetermined memory area of a memory of a first device. The first device is coupled to at least one second device by a network The method involves providing at least one parameter which is suitable for influencing a hash value of at least one predetermined hash function. At least one hash value is calculated on the basis of the data stored in the predetermined memory, the at least one predetermined hash function and the at least one parameter. The second device checks the integrity of the data stored in the predetermined memory area of the first device on the basis of the calculated hash value or values.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is based on and hereby claims priority to PCTApplication No. PCT/EP2008/058909 filed on Jul. 9, 2008 and DEApplication No. 10 2007 034 525.0 filed on Jul. 24, 2007, the contentsof which are hereby incorporated by reference.

BACKGROUND OF THE INVENTION

The technical field of this document relates to checking the integrityof stored data, in particular of firmware or software. Such software orfirmware is suitable for controlling field units, sensors, actuators,DVD drives, hard drives or the like. These can furthermore be suitablefor communicating by a network with one another or with other units,such as servers or personal computers. If these units are physicallyunprotected however, then attackers have the facility to access thesoftware or firmware in particular for the purpose of reverseengineering. There is also a danger of manipulated software or firmwarebeing brought back onto the corresponding unit.

Security against manipulation of the software or firmware for thecorresponding unit could be achieved by hardware measures, such assealing the unit for example. No further manipulation is possible afterthe unit has been sealed. Any subsequent intentional and desired, legalfirmware update would then however also no longer be possible.

A further protection capability can be achieved by checking theintegrity and authenticity of the firmware installed during the firmwareupdate based on digital signatures. This does however presuppose that acheck can be performed during the installation procedure and the memorychip for the firmware is not simply replaced.

As a further option affording security against manipulation a method isknown internally to the applicant for performing a software integritycheck for a unit by calculating a checksum for the software currentlypresent and comparing the calculated checksum with a stored checksum. Inthis situation, the checksum can be designed as a cryptographic checksumand the stored checksum can be stored signed. Thus, when thecorresponding unit is connected by a network, other network nodes ordevices can interrogate this checksum by way of the existingcommunication channels and compare it with the desired value. However,if the software of the corresponding unit is overwritten by amanipulated firmware update, then this checking capability is alsorendered inoperative because the manipulated unit also continues to beable to respond to inquiries for its checksum with the desired value,provided the corresponding checksum remains stored in the manipulatedunit. Then although the stored checksum no longer corresponds to theactual checksum of the software currently present in the correspondingunit, this is however permanently stored in the manipulated unit so asto feign the integrity of the stored software.

SUMMARY

One potential object is accordingly to monitor the integrity of storeddata, in particular of firmware or software, in a first device by seconddevice coupled to the first device.

The inventors propose a method for checking the integrity of data storedin a predetermined memory area of a memory of a first device, wherebythe first device is coupled to at least one second device by a network,which method has the following steps:

-   a) provision of at least one parameter which is suitable for    influencing a hash value of at least one predetermined hash    function;-   b) calculation of at least one hash value on the basis of the data    stored in the predetermined memory, the at least one predetermined    hash function and the at least one parameter; and-   c) checking of the integrity of the data stored in the predetermined    memory area of the first device on the basis of the calculated hash    value(s) by the second device.

In addition, a system for checking the integrity of data stored in apredetermined memory area of a first device is proposed, whereby thefirst device is coupled to at least one second device by a network,whereby the system has:

-   -   a unit for determining or providing at least one parameter which        is suitable for influencing a hash value of at least one        predetermined hash function;    -   the first device, which calculates at least one hash value on        the basis of the data stored in the predetermined memory, the at        least one predetermined hash function and the at least one        parameter; and    -   the second device, which checks the integrity of the data stored        in the predetermined memory area of the first device on the        basis of the calculated hash value(s).

An advantage of the proposed method relates to the fact that the checkedfirst device can only calculate and generate the correct hash value(s)in the situation when the first device does actually have at itsdisposal all the data to be checked for integrity. In particular, inconsequence of using the parameter influencing the respective hash valueit is not sufficient to calculate once and then save the hash value(s)of the data, such that the data could be deleted or overwritten.

By preference, the memory of the first device is configured in such amanner that it has a second memory area in addition to the predetermined(first) memory area for storing the data. The first memory area issuitable for storing the data, in particular the software or firmware,of the first device. The second memory area is provided in particularfor storing data content which does not need to be protected. If forexample the first device is designed as a sensor, then the second memoryarea is intended for storing the respective measurement data and/or theidentification number of the sensor.

In particular, the first memory area is configured to be larger or verymuch larger than the second memory area.

Examples of hash functions which can be used are MD5, SHA-1, SHA-2xx.

According to a preferred development, the step c) comprises:

-   c1) transfer of the at least one calculated hash value from the    first device to the second device by the network;-   c2) calculation of at least one comparison hash value on the basis    of a copy of the data stored in the predetermined memory area, which    is stored in the second device, the at least one predetermined hash    function and the at least one predetermined parameter; and-   c3) comparison by the second device of the transferred hash value    with the calculated comparison hash value in order to provide a    checking result.

According to a preferred embodiment, the at least one parameter includesa plurality of memory location pointers, whereby each two memorylocation pointers define a memory section of the predetermined memoryarea and the defined memory sections cover at least the predeterminedmemory area, whereby in each case a hash value is calculated on thebasis of the data of one of the memory sections and one of thepredetermined hash functions.

According to a further preferred embodiment, the at least one parameterincludes two memory location pointers, whereby a first memory locationpointer and an end of the predetermined memory area define a firstmemory section, a second memory location pointer and a beginning of thepredetermined memory area define a second memory section and the definedmemory sections at least cover the predetermined memory area, whereby ineach case a hash value is calculated on the basis of the data of one ofthe memory sections and of one of the predetermined hash functions.

According to a further preferred embodiment, the at least one parameteris designed as a single memory cell pointer which divides thepredetermined memory area into two memory sections, whereby in each casea hash value is calculated on the basis of the data of one of the memorysections and of one of the predetermined hash functions.

According to a further preferred embodiment, the respective comparisonhash value is calculated by the second device on the basis of a copy ofthe data stored in the respective memory section and the respectivepredetermined hash function.

According to a further preferred embodiment, the at least one parameteris designed as a random number, by which the respective hash function isinitialized. The respective hash value is calculated on the basis of thedata stored in the predetermined memory area and of the respectiveinitialized hash function.

According to a further preferred embodiment, the respective comparisonhash value is calculated by the second device on the basis of a copy ofthe data stored in the predetermined memory area and of the respectivepredetermined initialized hash function.

According to a further preferred embodiment, the at least one hash valueis calculated on the basis of the data stored in the predeterminedmemory area, the at least one predetermined hash function, the at leastone parameter and an identification number of the first device. The samethen correspondingly also applies to the comparison hash value.

According to a further preferred development, the step a) comprises thefollowing method substeps:

-   a1) provision by the second device of the at least one parameter    which is suitable for influencing a hash value of at least one    predetermined hash function; and-   a2) transfer of the provided parameter from the second device to the    first device.

According to a further preferred embodiment, the first device derivesthe at least one parameter from the calculated hash value(s) of apreceding integrity check.

According to a further preferred embodiment, a new parameter is providedin each case with regard to each check of the data stored in thepredetermined memory area.

Furthermore, a computer program product is proposed which initiates theexecution of a method as described above on a program controlled devicefor integrity checking.

It is conceivable for example to supply the computer program product asa storage medium such as a memory card, USB stick, floppy disk, CD-ROM,DVD or also in the form of a downloadable file from a server in anetwork. This can take place for example in a wireless communicationnetwork through the transfer of a corresponding file containing thecomputer program product onto the first and/or second device.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other objects and advantages of the present invention willbecome more apparent and more readily appreciated from the followingdescription of the preferred embodiments, taken in conjunction with theaccompanying drawings of which:

FIG. 1 shows a schematic block diagram of an exemplary embodiment of theproposed system;

FIG. 2 shows a schematic flowchart of a first exemplary embodiment ofthe method;

FIG. 3 shows a schematic flowchart of a second exemplary embodiment ofthe method;

FIG. 4 shows a schematic flowchart of a third exemplary embodiment ofthe method;

FIG. 5 shows a schematic block diagram of the memory of the firstdevice, on which a first embodiment of the method according to FIG. 2 isapplied;

FIG. 6 shows a schematic block diagram of the memory of the firstdevice, on which a second embodiment of the method according to FIG. 2is applied;

FIG. 7 shows a schematic block diagram of the memory of the firstdevice, on which a third embodiment of the method according to FIG. 2 isapplied;

FIG. 8 shows a schematic block diagram of the memory of the firstdevice, on which a fourth embodiment of the method according to FIG. 2is applied; and

FIG. 9 shows a schematic block diagram of the memory of the firstdevice, on which a fifth embodiment of the method according to FIG. 2 isapplied.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Reference will now be made in detail to the preferred embodiments of thepresent invention, examples of which are illustrated in the accompanyingdrawings, wherein like reference numerals refer to like elementsthroughout.

FIG. 1 shows a schematic block diagram of an exemplary embodiment of theproposed system 6 for checking the integrity of data D stored in apredetermined memory area SB1 of a memory 1 of a first device 2. Thefirst device 2 is coupled to at least one second device 3 by a network4.

The system 6 has a first unit 7, the first device 2 and the seconddevice 3. According to the exemplary embodiment shown in FIG. 1, thefirst unit 7 is arranged in the second device 3. It is however alsoconceivable to arrange the first unit 7 in the first device 2, whosedata D is to be checked for its integrity. The first unit 7 is suitablefor determining or providing at least one parameter P, which is suitablefor influencing a hash value H1, H2 of at least one predetermined hashfunction.

The first device 2 calculates at least one hash value H1, H2 on thebasis of the data D stored in the predetermined memory area SB1, the atleast one predetermined hash function and the at least one parameter P.

If for example only one hash value H1 is calculated over the entirepredetermined memory area SB1, then the hash value H1 is yielded by theequation (1) below:H1=f _(hash)(P,D(SB1)),  (1)whereby P denotes the parameter, f_(hash) the hash function used andD(SB1) the data which is stored in the predetermined memory area SB1.

Reference character 8 denotes a second unit which is provided in thefirst device 2 and performs the calculation of the hash values H1, H2.

The second device 3 is suitable for checking the integrity of the data Dstored in the predetermined memory area SB1 of the first device on thebasis of the calculated hash value H1 or the calculated hash values H1,H2. To this end, the second device 3 has a third unit 9 which calculatesat least one comparison hash value H1′, H2′ on the basis of a copy K ofthe data D stored in the predetermined memory area SB1 which is storedin a second memory 5 of the second device 3, the at least onepredetermined hash function f_(hash) and the at least one predeterminedparameter P.

For the example outlined above the third unit 9 calculates the singlecomparison hash value H1′ by the following equation (2):H1′=f _(hash)(P,K)  (2)

By preference, each time a new check is carried out on the data D storedin the predetermined memory area SB1 of the memory 1 of the first device2 a new parameter P is provided by the first unit 7 in each case.

In particular, the first memory area SB1 of the memory 1 is larger orconsiderably larger than the second memory area SB2 of the memory 1,which does not store content items requiring integrity checking.

FIG. 2 shows a first exemplary embodiment of the method for checking theintegrity of data D stored in the predetermined memory area SB1 of thememory 1 first device 2. The first exemplary embodiment of the methodwill be described in the following on the basis of the block diagram inFIG. 2 with reference to FIG. 1. The first exemplary embodiment of themethod according to FIG. 2 comprises the following steps a) to c):

Step a):

At least one parameter P is provided which is suitable for influencing ahash value H1, H2 of at least one predetermined hash function.

By preference, each time a new check is carried out on the data D storedin the predetermined memory area SB1 a new parameter P is provided ineach case.

Step b):

The at least one hash value H1, H2 is calculated on the basis of thedata D stored in the predetermined memory area SB1, the at least onehash function and the at least one parameter P.

Step c):

The integrity of the data D stored in the predetermined memory area SB1of the first device 2 is checked by the second device 3 on the basis ofthe calculated hash value H1 or the calculated hash values H1, H2.

In particular, in the case of regularly occurring checks on theintegrity, the parameter P or the parameters P can be derived from thehash value H1 or the hash values H1, H2 of the previous check. Forexample, P could be derived as the 32 least significant bits of the hashvalue H1 of the preceding check.

The first device 2 to be checked can thus give proof of the integrity ofits data D, or software or firmware, without the need to have to obtainthe corresponding parameter P or the corresponding parameters P from thesecond device 3 every time before the check is performed. Consequently,a request message from the second device 3 performing the checking tothe first device 2 to be checked can be dispensed with. This is inparticular of great advantage in the situation when the second device 3is designed as a checking server which has a multiplicity of firstdevices 2 or network nodes to check.

This variant is advantageous in particular in the situation when itensures that no messages are lost between the first device 2 and thesecond device 3. If this cannot be ensured, however, then it isadditionally necessary to implement a synchronization mechanism for thechecking.

FIG. 3 shows a second exemplary embodiment of the proposed method. Thesecond exemplary embodiment in accordance with FIG. 3 differs from thefirst exemplary embodiment in accordance with FIG. 2 in that the stepsa1) and a2) in accordance with FIG. 3 replace the step a) in accordancewith FIG. 2. In contrast, the steps b) and c) correspond to each otherand are not described for this reason. The second exemplary embodimentof the system in accordance with FIG. 3 accordingly comprises the stepsa1) and a2) described below and the steps b) and c) described withreference to FIG. 2:

Step a1):

The at least one parameter P, which is suitable for influencing a hashvalue H1, H2 of at least one predetermined hash function, is provided bythe second device 3.

Step a2):

The provided parameter P is transferred from the second device 3 to thefirst device 2 by the network 4.

FIG. 4 shows a third exemplary embodiment of the proposed method. Thethird exemplary embodiment of the method in accordance with FIG. 4differs from the first exemplary embodiment of the system in accordancewith FIG. 2 in that the steps c1) to c3) in accordance with FIG. 4replace the step c) in accordance with FIG. 2. The steps a) and b) inaccordance with FIG. 4 correspond to the steps a) and b) in accordancewith FIG. 2. Accordingly, the third exemplary embodiment of the methodin accordance with FIG. 4 comprises the steps a) and b) described forFIG. 2 and also the steps c1) to c3) described in the following:

Step c1):

The at least one calculated hash value H1, H2 is transferred from thefirst device 2 to the second device 3 by the network 4.

Step c2):

At least one comparison hash value H1′, H2′ is calculated on the basisof a copy K of the data D stored in the predetermined memory area SB1which is stored in the second device 3, the at least one predeterminedhash function and the at least one predetermined parameter P. If forexample the first device 2 calculates two hash values H1 and H2 inaccordance with equations (3) and (4) below, then the second device 3calculates the respective comparison hash values H1′ and H2′ byequations (5) and (6) below:H1=fhash(P,D(SB1))  (3)H2=fhash(P,D(SB1))  (4)H1′=fhash(P,K)  (5)H2′=fhash(P,K)  (6)

In particular, the two hash functions f_(hash) and f′_(hash) aredesigned differently. They may however also be identical.

FIGS. 5 to 9 show embodiments of the three exemplary embodiments of themethod in accordance with FIGS. 2 to 4, in particular the method inaccordance with FIG. 2.

In accordance with FIG. 5, the at least one parameter P includes fourmemory location pointers S1-S4.

The memory location pointers S1 and S4 define a first memory section SA1of the predetermined memory area SB1. In addition, the memory locationpointers S2 and S3 define a second memory section SA2 of thepredetermined memory area SB1. The two memory sections SA1 and SA2 atleast cover the predetermined memory area SB1. In accordance with theexemplary embodiment according to FIG. 5, an overlap is also formedbetween the memory location pointers S1 and S2 as well as between S3 andS4.

The first hash value H1 is calculated on the basis of the data D(SA1) ofthe first memory section SA1 and one of the predetermined hash functionsf_(hash) (see equation 7):H1=f _(hash)(D(SA1))  (7)

The second hash value H2 is calculated on the basis of the data D(SA2)of the second memory section SA2 and one of the predetermined hashfunctions f′_(hash) (see equation 8):H2=f′ _(hash)(D(SA2))  (8)

The hash functions f_(hash) and f′_(hash) can be designed differently,but they may also be identical.

In particular, the memory location pointers S1 to S4 are provided to thefirst device 2 by the second device 3 undergoing checking, with theresult that the checked device 2 has no facility to precalculate thehash values H1 and H2 of the hash functions f_(hash), f′_(hash)partially or in their entirety and thus to exclude parts of the data D,or the software, from the check.

In accordance with FIG. 6, the at least one parameter P includes twomemory location pointers S1, S2. The first memory location pointer S1and an end S5 of the predetermined memory area SB1 define the firstmemory section SA1. The second memory location pointer S2 and thebeginning S0 of the predetermined memory area SB1 define the secondmemory section SA2. The two memory sections SA1 and SA2 in accordancewith FIG. 6 not only cover the predetermined memory area SB1—as inaccordance with FIG. 5—completely but also form an overlap, inaccordance with FIG. 6, between S1 and S2. The calculation of the hashvalues H1, H2 ensues analogously from the above equations (7) and (8).

In accordance with FIG. 7, the at least one parameter P is designed as asingle memory location pointer S1 which divides the predetermined memoryarea SB1 into the two memory sections SA1, SA2. The calculation of thehash values H1, H2 ensues analogously from the above equations (7) and(8).

Naturally, the predetermined memory area SB1 in accordance with FIGS. 5to 7 can be subdivided not only into two memory sections SA1, SA2 butinto any desired number of memory sections, whereby then either aseparate hash value is calculated for each memory section or a commonhash value is calculated for a plurality of memory sections which arecombined in any desired, but a permanently defined, sequence.

In accordance with FIGS. 8 and 9, the at least one parameter P isdesigned as at least one random number R, by which the respective hashfunction is initialized. The respective hash value H1 is then calculatedon the basis of the data D(SB1) stored in the predetermined memory areaSB1 and the respective initialized hash function f_(hash). The hashvalue H1 is then calculated for example from the equation (9) below:H1=f _(hash)(R,D)  (9)H1′=f _(hash)(R,K)  (10)

Consequently, the respective comparison hash value H1′ is calculated onthe basis of a copy K of the data D stored in the predetermined memoryarea SB1 and of the respective predetermined initialized hash functionby the second device 3 (see equation (10)). The two embodiments inaccordance with FIGS. 8 and 9 differ in that the calculation of the hashvalue H1 takes place once from the beginning S0 of the predeterminedmemory area SB1 to its end S5 (cf. FIG. 8) and once in the reversedirection from S5 to S0 (cf. FIG. 9).

The invention has been described in detail with particular reference topreferred embodiments thereof and examples, but it will be understoodthat variations and modifications can be effected within the spirit andscope of the invention covered by the claims which may include thephrase “at least one of A, B and C” as an alternative expression thatmeans one or more of A, B and C may be used, contrary to the holding inSuperguide v. DIRECTV, 69 USPQ2d 1865 (Fed. Cir. 2004). It is forexample conceivable to configure the at least one parameter P in such amanner that it contains both memory location pointers and also at leastone random number.

The invention claimed is:
 1. A method for checking the integrity of datastored in a predetermined memory area of a first device by a seconddevice, whereby the first device is coupled to the second device by anetwork, the method comprising: providing a parameter for influencing ahash value calculated using a predetermined hash function; calculatingthe hash value on the basis of the data stored in the predeterminedmemory area, the predetermined hash function and the parameter, the hashvalue being calculated to produce a calculated hash value; and checkingof the integrity of the data stored in the predetermined memory area ofthe first device, the integrity of the data being checked by the seconddevice on the basis of the calculated hash value, wherein the checkingincludes: transferring the calculated hash value from the first deviceto the second device using the network; calculating at least onecomparison hash value based on a copy of the data stored in thepredetermined memory area, the copy being stored in the second device,the predetermined hash function, and the parameter; and comparing thetransferred calculated hash value with the calculated comparison hashvalue at the second device and providing a review result, wherein theparameter includes a plurality of memory location pointers that defineat least two memory sections of the predetermined memory area and the atleast two defined memory sections cover the predetermined memory area,wherein a hash value is separately calculated for each of the at leasttwo memory sections based on data stored in the respective memorysection and the predetermined hash function, wherein the method isrepeated to perform a plurality of checks of the data stored in thepredetermined memory area, and a previously presented parameter isprovided for each check of the data stored in the predetermined memoryarea.
 2. The method as claimed in claim 1, wherein a plurality ofparameters and a plurality of hash functions are used to calculate arespective plurality of hash values.
 3. The method as claimed in claim1, wherein the method uses a plurality of predetermined hash functions,and a hash value is separately calculated for each memory section, onthe basis of data stored in the respective memory section and arespective one of the plurality of predetermined hash functions.
 4. Themethod as claimed in claim 3, wherein the second device has memorysections corresponding to the memory sections of the first device, acopy of the data is stored in the memory sections of the second device,and the comparison hash value is separately calculated by the seconddevice for each memory section of the second device, on the basis of thecopy of the data stored in the respective memory section and therespective one of the predetermined hash functions.
 5. The method asclaimed in claim 1, wherein the parameter includes first and secondmemory location pointers, the first memory location pointer and an endof the predetermined memory area define a first defined memory section,the second memory location pointer and a beginning of the predeterminedmemory area define a second defined memory section, the first and seconddefined memory sections cover at least the predetermined memory area,the method uses a plurality of predetermined hash functions, and a hashvalue is separately calculated for each memory section, on the basis ofdata stored in the memory section and a respective one of the pluralityof predetermined hash functions.
 6. The method as claimed in claim 5,wherein the second device has memory sections corresponding to thememory sections of the first device, a copy of the data is stored in thememory sections of the second device, and the comparison hash value isseparately calculated by the second device for each memory section ofthe second device, on the basis of the copy of the data stored in therespective memory section and the respective one of the predeterminedhash functions.
 7. The method as claimed in claim 1, wherein theparameter is at least one random number, each random number is used toinitialize a respective hash function, and the hash value is separatelycalculated for each hash function, on the basis of the data stored inthe predetermined memory area.
 8. The method as claimed in claim 7,wherein the comparison hash value is separately calculated by the seconddevice for each hash function, on the basis of a copy of the data storedin second device.
 9. The method as claimed in claim 1, wherein the firstdevice has an identification number, and the hash value is calculated onthe basis of the data stored in the predetermined memory area, thepredetermined hash function, the parameter and the identification numberof the first device.
 10. The method as claimed in claim 1, whereinproviding the parameter comprises: providing the parameter from thesecond device; and transferring the parameter from the second device tothe first device.
 11. The method as claimed in claim 1, wherein thefirst device derives the parameter from the calculated hash value of apreceding integrity check.
 12. A non-transitory computer readablestorage medium storing a program for controlling a computer to perform amethod for checking the integrity of data stored in a predeterminedmemory area of a first device by a second device, whereby the firstdevice is coupled to the second device by a network, the methodcomprising: providing a parameter for influencing a hash valuecalculated using a predetermined hash function; calculating the hashvalue on the basis of the data stored in the predetermined memory area,the predetermined hash function and the parameter, the hash value beingcalculated to produce a calculated hash value; and checking of theintegrity of the data stored in the predetermined memory area of thefirst device, the integrity of the data being checked by the seconddevice on the basis of the calculated hash value, wherein the checkingincludes: transferring the calculated hash value from the first deviceto the second device using the network; calculating at least onecomparison hash value based on a copy of the data stored in thepredetermined memory area, the copy being stored in the second device,the predetermined hash function, and the parameter; and comparing thetransferred calculated hash value with the calculated comparison hashvalue at the second device and providing a review result, wherein theparameter includes a plurality of memory location pointers that defineat least two memory sections of the predetermined memory area and the atleast two defined memory sections cover the predetermined memory area,wherein a hash value is separately calculated for each of the at leasttwo memory sections based on data stored in the respective memorysection and the predetermined hash function, wherein the method isrepeated to perform a plurality of checks of the data stored in thepredetermined memory area, and a previously presented parameter isprovided for each check of the data stored in the predetermined memoryarea.
 13. A system for checking the integrity of data, comprising: aparameter unit to provide a parameter for influencing a hash valuecalculated using a predetermined hash function; a first device having apredetermined memory area with the data stored in the predeterminedmemory area, the first device calculating the hash value on the basis ofthe data stored in the predetermined memory area, the predetermined hashfunction and the parameter, the hash value being calculated to produce acalculated hash value; and a second device coupled to the first devicevia a network, to check the integrity of the data stored in thepredetermined memory area of the first device on the basis of thecalculated hash value, wherein the check includes: transferring thecalculated hash value from the first device to the second device using anetwork that connects the first device and the second device;calculating at least one comparison hash value based on a copy of thedata stored in the predetermined memory area, the copy being stored inthe second device, the predetermined hash function, and the parameter;and comparing the transferred calculated hash value with the calculatedcomparison hash value at the second device and providing a reviewresult, wherein the parameter includes a plurality of memory locationpointers that define at least two memory sections of the predeterminedmemory area and the at least two defined memory sections cover thepredetermined memory area, wherein a hash value is separately calculatedfor each of the at least two memory sections based on data stored in therespective memory section and the predetermined hash function, whereinthe check is repeated to perform a plurality of checks of the datastored in the predetermined memory area, and a previously presentedparameter is provided for each check of the data stored in thepredetermined memory area.
 14. The method as claimed in claim 1, whereinthe first device is a separate entity from the second device.
 15. Thenon-transitory computer readable storage medium as claimed in claim 12,wherein the first device is a separate entity from the second device.16. The system as claimed in claim 13, wherein the first device is aseparate entity from the second device.